<?php

require_once 'DatabaseHelper.php';
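// Comment form handler: inserts, updates or deletes a row in the `comment`
// table from POSTed form fields, then redirects back to the entry page.
//
// NOTE(review): nothing in this file checks who is making the request, so the
// update and delete paths act on whatever comment id is posted. Confirm that
// authentication, authorization and CSRF protection are enforced elsewhere,
// or add them in front of these branches.
//
// NOTE(review): the SQL is still assembled as a string because the only
// DatabaseHelper call visible here is query($sql). addslashes() is not
// character-set aware; if DatabaseHelper offers prepared statements or a
// connection-aware escaper, use that instead.

// Returns a POST field as a string. A missing field or a non-string value
// (e.g. "name[]=x" arrives as an array) becomes '' so it can never reach
// strip_tags()/intval() as an array.
$postField = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

if (isset($_POST['submit_comment'])) {
    $rawName = $postField('name');
    $rawEmail = $postField('email');
    $rawComment = $postField('comment');

    if (empty($rawName) || empty($rawEmail) || empty($rawComment)) {
        die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
    }

    // The comment id is only ever compared as a number, so reduce it to an
    // integer before it gets anywhere near the SQL text.
    $idcomment = intval($postField('commentid'));

    // Strip markup and HTML-encode the text fields; the stored values are
    // presumably echoed back into pages later.
    // The posted 'url' and 'timestamp' fields are not read: neither query
    // below stores a url, and the timestamp is generated server-side.
    $entry = htmlspecialchars(strip_tags($postField('entry')));
    $name = htmlspecialchars(strip_tags($rawName));
    $email = htmlspecialchars(strip_tags($rawEmail));
    $comment = nl2br(htmlspecialchars(strip_tags($rawComment)));

    // Server-side creation time (Unix timestamp, always an integer).
    $date = new DateTime();
    $timestamp = $date->getTimestamp();

    // Escape EVERY string that is interpolated into the query. Before
    // PHP 8.1 htmlspecialchars() leaves single quotes alone by default and it
    // never touches backslashes, so it is not an SQL escaper. Previously
    // $entry and $email were interpolated without any escaping.
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() no
    // longer exists in PHP 8, so only consult it on versions that had it.
    $magicQuotesActive = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
    if (!$magicQuotesActive) {
        $entry = addslashes($entry);
        $name = addslashes($name);
        $email = addslashes($email);
        $comment = addslashes($comment);
    }

    // A comment id of -1 (any negative value) means "new comment"; anything
    // else updates the existing row with that id.
    if ($idcomment > -1) {
        $query = "update comment set entry='$entry', name='$name', email='$email', comment='$comment' where id='$idcomment'";
    } else {
        $query = "INSERT INTO comment (entry, timestamp, name, email, comment) 
                    VALUES ('$entry','$timestamp','$name','$email','$comment')";
    }

    DatabaseHelper::getInstance()->connect();
    DatabaseHelper::getInstance()->query($query);

    // URL-encode the value so posted data cannot add parameters or a fragment
    // to the redirect target, and stop executing once the redirect is sent.
    header("Location: index.php?id=" . urlencode($postField('entry')) . "#comment");
    exit;
} else {
    if (isset($_POST['delete'])) {
        // Integer cast: the posted id used to be interpolated verbatim into
        // the DELETE statement.
        $idcomment = intval($postField('commentid'));
        $query = "DELETE FROM comment where id = '$idcomment'";

        DatabaseHelper::getInstance()->connect();
        DatabaseHelper::getInstance()->query($query);

        header("Location: index.php?id=" . urlencode($postField('entry')) . "#comment");
        exit;
    }
}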
?>